I assume the script has its own special account on the database which is
itself locked down on particular tables/actions? It doesn't improve the
password security but is a small amount of damage limitation.
Ian
-----Original Message-----
From: Jeff Robertson [mailto:Jeff.Robertson@DigitalInsight.com]
Sent: 18 March 2005 18:19
To: Webappsec (E-mail)
Subject: clear-text passwords in shell/perl scripts
Say that a perl script needs access to a database, and access to this
database requires a password. The script needs to run automatically with
no human intervention, so it is not possible to prompt a user to enter
the password at run time. This means that the password must either be in
the script itself or in a file readable by the script.
I have been asked what can be done to protect this password from falling
into the wrong eyes. My recommendation is to tightly control read
permissions to the script and/or the file that contains the password.
Make the file owned by a special-purpose user who only exists to run
this script, and chmod it to 600. That sort of thing.
It has been suggested to encrypt the password. Since the script needs to
get the clear text of the passwords in order to use them, this will need
to be symmetric encryption and the script will need to have the key
available, presumably stored in yet another file. As there would be no
way to keep the key from being stolen other than to use the file
permissions that were being relied on previously, you've just increased
the complexity of the system without actually making it any more secure.
This is bad. You'd be better off sticking with the simpler solution,
since the security is the same either way.
Can anyone either refute or provide further points in support of my
stance on this?
Jeff Robertson
Manager of Web Application Security
Digital Insight
